package aware.common.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.StrutsStatics;

import aware.common.dto.UserDTO;
import aware.common.util.AwareSecurityManager;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class LoginInterceptor extends AbstractInterceptor implements
		StrutsStatics {

	/**
	 * Serial Version User ID
	 */
	private static final long serialVersionUID = -681904929572750233L;
	// private static final Log log = LogFactory.getLog
	// (LoginInterceptor.class);
	private static final String USER_HANDLE = "AWARE_USER_SESSSION_HANDLE";
	
	private static final String USERNAME = "awareUid";
	private static final String PASSWORD = "password";
	private static final String LOGIN_ATTEMPT = "loginAttempt";

	

	public String intercept(ActionInvocation invocation) throws Exception {
		// Get the action context from the invocation so we can access the
		// HttpServletRequest and HttpSession objects.
		final ActionContext context = invocation.getInvocationContext();
		
		HttpServletRequest request = (HttpServletRequest) context
				.get(HTTP_REQUEST);
		HttpSession session = request.getSession(true);

		String loginAttempt=request.getParameter(LOGIN_ATTEMPT);
		if("TRUE".equals(loginAttempt)) {
			/*
			 * Request comes from login page.
			 */
			session.removeAttribute(USER_HANDLE);
		}
		
		// Is there a "user" object stored in the user's HttpSession?
		UserDTO userDTO = (UserDTO)session.getAttribute(USER_HANDLE);
		if (userDTO == null) {
			// The user has not logged in yet.

			// Is the user attempting to log in right now?
			

			if (processLoginAttempt(request, session)) {
				// The login succeeded send them the login-success page.
				return "Login.success";
			}
			// Either the login attempt failed or the user hasn't tried to login
			// yet,
			// and we need to send the login form.
			return "Login.view";
		} else {
			return invocation.invoke();
		}
	}

	/**
	 * Attempt to process the user's login attempt delegating the work to the
	 * SecurityManager.
	 */
	public boolean processLoginAttempt(HttpServletRequest request,
			HttpSession session) {
		// Get the username and password submitted by the user from the
		// HttpRequest.
		String username = request.getParameter(USERNAME);
		String password = request.getParameter(PASSWORD);

		// Use the security manager to validate the user's username and
		// password.
		UserDTO user = AwareSecurityManager.login(username, password);

		if ("TRUE".equals(user.getValidUser())) {
			// The user has successfully logged in. Store their user object in
			// their HttpSession. Then return true.
			session.setAttribute(USER_HANDLE, user);
			return true;
		} else {
			// The user did not successfully log in. Return false.
			return false;
		}
	}
}
